Replace one more mention of escaping

Author: smowton

java/ql/src/Security/CWE/CWE-089/SqlConcatenated.qhelp

@@ -4,8 +4,8 @@
 <qhelp>
 <overview>
 <p>Even when the components of a SQL query are not fully controlled by
-a user, it is a vulnerability to concatenate those components into a
-SQL query without neutralizing special characters. Perhaps a separate
+a user, it is a vulnerability to build the query by directly
+concatenating those components. Perhaps a separate
 vulnerability will allow the user to gain control of the component. As
 well, a user who cannot gain full control of an input might influence
 it enough to cause the SQL query to fail to run.</p>